Working with Parameterized Queries

Steps to Work with a Parameterized Query:-

1.     Declare the Command object
     Sy: ClassName ObjectName;
     Ex: SqlCommand Cmd;

2.     Define the Command object
     Sy: ObjectName = new ClassName("Parameterized Query", ConnectionObject);
     Ex: Cmd = new SqlCommand("Delete from EmpDetails where EmpId=@PEmpId", Con);

3.     Mention the Command type
     Sy: ObjectName.CommandType = CommandType.Value;
     Ex: Cmd.CommandType = CommandType.Text;

4.     Pass the values to the parameters using the Command object
     Sy:- Cmd.Parameters.AddWithValue("Parameter Name", Value to be stored into the parameter);
     Ex:- Cmd.Parameters.AddWithValue("@PEmpId", txtEmpId.Text);

5.     Open the Connection
     Sy:- ConnectionObjectName.Open();
     Ex:- Con.Open();

6.     Execute the Command object
     Sy: ObjectName.ExecutionMethod();
     Ex: Cmd.ExecuteNonQuery();
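The six steps above carried through as one complete method, added here as an example and not code from the original post. The connection string is an assumed placeholder, EmpId is assumed to be an integer column, and the explicitly typed parameter (instead of AddWithValue) is an addition that keeps the parameter type stable so the cached plan is reused.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class EmpDetailsRepository
{
    // Assumed connection string placeholder; the original post does not give one.
    private const string ConnStr = "Server=.;Database=EmpDb;Integrated Security=true;";

    // Steps 1-6 from the post as one method.
    // Returns the number of rows deleted (ExecuteNonQuery's return value).
    public static int DeleteEmployee(string empIdText)
    {
        // Validate at the boundary: EmpId is assumed to be an integer column,
        // so reject anything that is not a whole number before it reaches the database.
        if (!int.TryParse(empIdText, out int empId))
            throw new ArgumentException("EmpId must be a whole number.", nameof(empIdText));

        using (SqlConnection con = new SqlConnection(ConnStr))
        // Steps 1-2: declare and define the command with a parameter placeholder.
        // The user's value is never concatenated into the SQL text, so the server
        // can only ever treat it as data, never as part of the statement.
        using (SqlCommand cmd = new SqlCommand(
            "Delete from EmpDetails where EmpId=@PEmpId", con))
        {
            // Step 3: plain SQL text, not a stored procedure.
            cmd.CommandType = CommandType.Text;

            // Step 4: bind the value. Giving the SqlDbType explicitly (rather than
            // letting AddWithValue infer nvarchar from a string) keeps the parameter
            // type stable, so the cached execution plan mentioned in advantage [2]
            // is reused instead of a new one being compiled per distinct type.
            cmd.Parameters.Add("@PEmpId", SqlDbType.Int).Value = empId;

            // Steps 5-6: open the connection, execute, and report rows affected.
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

A return value of 0 means no row matched the given EmpId; the using blocks dispose the command and connection whether or not the execution succeeds.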

Advantages of using a Parameterized Query:-

  [1] Once a parameterized query is executed, its execution plan is stored temporarily in the database.
  [2] Execution is fast because execution plans are cached and reused.
  [3] Little or no possibility of SQL injection attacks, because parameter values are sent as data and never parsed as part of the SQL statement.
 
Disadvantages of the Non-Parameterized Query Method:-

[1] Not flexible to use, because the query must be changed from database to database.

